authorArun Scaria <arunscaria91@gmail.com>2011-08-16 22:01:38 +0530
committerArun Scaria <arunscaria91@gmail.com>2011-08-16 22:01:38 +0530
commit5334141ba78905b2bf55a8f5a0608f5cc5afd523 (patch)
tree8687f83ad4e64ed76ea332cc4f22c94b6ccb4c73
parent1ceb369fc0ea5ae99cc68e649069ae49054288f1 (diff)
User eliminated and elimination over Now evaluation is to be done
-rw-r--r--src/responder/sudo/sudosrv.c59
1 files changed, 49 insertions, 10 deletions
diff --git a/src/responder/sudo/sudosrv.c b/src/responder/sudo/sudosrv.c
index 8e7aaf6a..9a06d8d8 100644
--- a/src/responder/sudo/sudosrv.c
+++ b/src/responder/sudo/sudosrv.c
@@ -109,14 +109,14 @@ errno_t prepare_filter(char ** filter_in,uid_t user_id,char * host, struct ldb_r
for(i=0;i< res->count;i++){
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=%s)",ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL));
+ filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=%%%s)",ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL));
if (!filter) {
DEBUG(0, ("Failed to build filter - %s\n",filter));
ret = ENOMEM;
goto done;
}
}
- filter = talloc_asprintf_append(filter,")("SYSDB_SUDO_HOST_ATTR"=+*)");
+ filter = talloc_asprintf_append(filter,")(|("SYSDB_SUDO_HOST_ATTR"=+*)");
if (!filter) {
DEBUG(0, ("Failed to build filter - %s\n",filter));
ret = ENOMEM;
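Review bot: The group name on the new `talloc_asprintf_append(filter,"("SYSDB_SUDO_USER_ATTR"=%%%s)", ...)` line goes into the search filter unescaped, and the same holds for `host` in the -128 hunk and `user_name` in the -206 hunk. A value containing `*`, `(`, `)` or `\` would change which sudo rules the filter selects, so each value should be escaped before formatting; SSSD's `sss_filter_sanitize()` looks like the right helper, if it is available in this tree. The call also passes `NULL` as the default to `ldb_msg_find_attr_as_string()`, so an entry without SYSDB_NAME reaches `%s` as a null pointer; such entries should be skipped instead. The `DEBUG` in each failure branch formats `filter` right after it was found to be NULL, so the message should drop that argument. prepare_filter's body starts and ends outside the hunk.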
@@ -128,7 +128,7 @@ errno_t prepare_filter(char ** filter_in,uid_t user_id,char * host, struct ldb_r
ret = ENOMEM;
goto done;
}
- filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=%s)",host);
+ filter = talloc_asprintf_append(filter,"("SYSDB_SUDO_HOST_ATTR"=%s))",host);
if (!filter) {
DEBUG(0, ("Failed to build filter - %s\n",filter));
ret = ENOMEM;
@@ -176,11 +176,11 @@ errno_t search_sudo_rules(struct sudo_client *sudocli,
struct ldb_result *res;
int ret;
size_t count;
- int i,flag=0;
+ int i,flag=0,valid_user_count=0;
TALLOC_CTX *listctx;
list_sss *list, *current, *tmp;
struct sudo_cmd_ctx * sudo_cmnd;
- char * host,*tmphost,*domain_name ;
+ char * host,*tmphost,*domain_name,*tmpuser ;
fprintf(stdout,"in Sudo rule\n");
tmpctx = talloc_new(sudocli);
@@ -206,7 +206,7 @@ errno_t search_sudo_rules(struct sudo_client *sudocli,
}
goto done;
}
- filter = talloc_asprintf(tmpctx,"|(|("SYSDB_SUDO_USER_ATTR"=%s)",user_name);
+ filter = talloc_asprintf(tmpctx,"&(|("SYSDB_SUDO_USER_ATTR"=%s)",user_name);
if (!filter) {
DEBUG(0, ("Failed to build filter - %s\n",filter));
ret = ENOMEM;
@@ -250,7 +250,7 @@ errno_t search_sudo_rules(struct sudo_client *sudocli,
}
initList(&list);
- for(i=0; i< count ; i++) {
+ for(i=0; i < count ; i++) {
appendNode(listctx, &list, sudo_rules_msgs[i]);
}
current = list;
@@ -258,8 +258,6 @@ errno_t search_sudo_rules(struct sudo_client *sudocli,
while(current!=NULL) {
-
-
DEBUG(0, ("--sudoOrder: %f\n",
ldb_msg_find_attr_as_double((struct ldb_message *)current->data,
SYSDB_SUDO_ORDER_ATTR,
@@ -286,7 +284,7 @@ errno_t search_sudo_rules(struct sudo_client *sudocli,
"%s",
(const char *) (el->values[i].data));
- if(fstrcmp(tmpcmd,"ALL") == 0){
+ if(strcmp(tmpcmd,"ALL") == 0){
current=current->next;
flag=1;
break;
@@ -387,6 +385,47 @@ errno_t search_sudo_rules(struct sudo_client *sudocli,
delNode(&list,current);
current = tmp;
}
+ current = list;
+ ////////***/////////
+ while(current!=NULL){
+ el = ldb_msg_find_element((struct ldb_message *)current->data,
+ SYSDB_SUDO_USER_ATTR);
+
+ if (!el) {
+ DEBUG(0, ("Failed to get sudo hosts for sudorule [%s]\n",
+ ldb_dn_get_linearized(((struct ldb_message *)current->data)->dn)));
+ tmp = current->next;
+ delNode(&list,current);
+ current = tmp;
+ continue;
+ }
+ flag = 0;
+
+ for (i = 0; i < el->num_values; i++) {
+
+ DEBUG(0, ("sudoUser: %s\n" ,(const char *) (el->values[i].data)));
+ tmpuser = ( char *) (el->values[i].data);
+ if(tmpuser[0] == '+'){
+ tmpuser++;
+ if(innetgr(tmpuser,NULL,user_name,domain_name) == 1){
+ flag = 1;
+ }
+ }
+ else{
+ valid_user_count++;
+ break;
+ }
+ }
+
+ if(flag == 1 || valid_user_count > 0){
+ current = current -> next;
+ continue;
+ }
+ tmp = current->next;
+ delNode(&list,current);
+ current = tmp;
+ continue;
+ }
setenv("_SSS_LOOPS", "NO", 0);
talloc_free(listctx);
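Review bot: `valid_user_count` is never reset inside the new `while(current!=NULL)` loop, so once one rule has a sudoUser value that does not start with `+`, the test `flag == 1 || valid_user_count > 0` keeps every later rule even when none of its netgroups contains the user. Because this list decides which sudo rules apply, the counter should be cleared per rule by adding `valid_user_count = 0;` next to `flag = 0;`. The `else` branch also accepts any non-netgroup value without comparing it to `user_name` and stops at the first one, which is only safe if the earlier search filter already guarantees a match; that assumption deserves a comment such as `/* non-netgroup values were already matched by the search filter */` or an explicit check. The DEBUG text says "sudo hosts" although the element looked up is SYSDB_SUDO_USER_ATTR, which will mislead anyone reading the log. search_sudo_rules starts and ends outside the hunk.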